Dovecot: How To Enable Secure (SSL) IMAP & POP3 With (Free) Self-Signed Certificate

First you should learn how to create a self-signed certificate using OpenSSL (free). After that it is a simple matter of copying the files to appropriate location and enabling dovecot to use SSL authentication. Let’s look at the details.

First you need to find the location to place the certificate and key file. Open dovecot.conf file (Location: /etc/dovecot.conf) and search for pem. You will find two lines like:

#ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
#ssl_key_file = /etc/pki/dovecot/private/dovecot.pem


These indicate the default location of the key and certificate file.
Note: You are likely to find that there is already a certificate installed if you have used a software like yum or apt to install dovecot. However you will most likely find that the certificate was installed with an incorrect common name which may cause your email client (like Thunderbird) to prompt for permission everytime you check mails.

Assume you have created the self-signed certificate named ca.crt and your key is named ca.key.
Now replace (after saving a backup) the existing, if available, ssl certificate file, in my case /etc/pki/dovecot/certs/dovecot.pem, with ca.crt (after renaming obviously). Similarly replace the existing, if available, key file (in my case /etc/pki/dovecot/private/dovecot.pem) with ca.key (after renaming).

Now open dovecot.conf and search for protocols. Ensure that the line is as follows:
protocols = imaps pop3s
Note: This disables regular pop3 & imap server. Add them too if you must.

Ensure that the ssl_cert_file and ssl_key_file parameters are pointing to the right file as explained above.

Now restart the dovecot server which in my case is simply:
/sbin/service dovecot restart

You should now be able to use secure POP3 & IMAP with dovecot.